From 543d3aaab955b0ad6614c7dc456fb6005c269149 Mon Sep 17 00:00:00 2001 From: kooper Date: Thu, 2 May 2019 10:27:15 +0000 Subject: SDC Certificate location is configurable Change-Id: I1512c47570a4cd8a739b3ce517ee6bf8c5544b18 Issue-ID: SDC-2195 Signed-off-by: kooper --- kubernetes/sdc/charts/sdc-es/templates/pv.yaml | 2 +- kubernetes/sdc/charts/sdc-es/templates/pvc.yaml | 2 +- .../sdc-onboarding-be/templates/deployment.yaml | 7 ++++ .../sdc/charts/sdc-onboarding-be/templates/pv.yaml | 38 +++++++++++++++++ .../charts/sdc-onboarding-be/templates/pvc.yaml | 49 ++++++++++++++++++++++ .../sdc/charts/sdc-onboarding-be/values.yaml | 12 ++++++ 6 files changed, 108 insertions(+), 2 deletions(-) create mode 100644 kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml create mode 100644 kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml (limited to 'kubernetes') diff --git a/kubernetes/sdc/charts/sdc-es/templates/pv.yaml b/kubernetes/sdc/charts/sdc-es/templates/pv.yaml index 9ceef30007..618b23a584 100644 --- a/kubernetes/sdc/charts/sdc-es/templates/pv.yaml +++ b/kubernetes/sdc/charts/sdc-es/templates/pv.yaml @@ -35,4 +35,4 @@ spec: persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} hostPath: path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-es/templates/pvc.yaml b/kubernetes/sdc/charts/sdc-es/templates/pvc.yaml index 2f343c83dc..e1f01b67fe 100644 --- a/kubernetes/sdc/charts/sdc-es/templates/pvc.yaml +++ b/kubernetes/sdc/charts/sdc-es/templates/pvc.yaml @@ -46,4 +46,4 @@ spec: storageClassName: "{{ .Values.persistence.storageClass }}" {{- end }} {{- end }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml index 87556b0b55..70895d308d 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml @@ -88,6 +88,8 @@ spec: - name: SDC_PASSWORD valueFrom: secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_password} + - name: SDC_CERT_DIR + value: {{ .Values.cert.certDir }} volumeMounts: - name: {{ include "common.fullname" . }}-environments mountPath: /root/chef-solo/environments/ @@ -99,6 +101,8 @@ spec: - name: {{ include "common.fullname" . }}-logback mountPath: /tmp/logback.xml subPath: logback.xml + - name: {{ include "common.fullname" . }}-cert-storage + mountPath: "{{ .Values.cert.certDir }}" lifecycle: postStart: exec: @@ -133,5 +137,8 @@ spec: defaultMode: 0755 - name: {{ include "common.fullname" . }}-logs emptyDir: {} + - name: {{ include "common.fullname" . }}-cert-storage + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-cert imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml new file mode 100644 index 0000000000..b292ff9448 --- /dev/null +++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml @@ -0,0 +1,38 @@ +{{/* +# ================================================================================ +# Copyright (C) 2019, Nordix Foundation. All rights reserved. +# ================================================================================ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if and .Values.persistence.enabled (not .Values.cert.persistence.existingClaim) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-cert + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.cert.persistence.size}} + accessModes: + - {{ .Values.cert.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.cert.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.cert.persistence.mountSubPath }} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml new file mode 100644 index 0000000000..eb2c372a33 --- /dev/null +++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml @@ -0,0 +1,49 @@ +{{/* +# ================================================================================ +# Copyright (C) 2019, Nordix Foundation. All rights reserved. +# ================================================================================ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if and .Values.cert.persistence.enabled (not .Values.cert.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-cert + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.cert.persistence.annotations }} + annotations: +{{ toYaml .Values.cert.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + name: {{ include "common.fullname" . }} + accessModes: + - {{ .Values.cert.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.cert.persistence.size }} +{{- if .Values.cert.persistence.storageClass }} +{{- if (eq "-" .Values.cert.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.cert.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index 4b09a1104b..2b7edd97ed 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -90,6 +90,18 @@ persistence: mountPath: /dockerdata-nfs mountSubPath: /sdc/sdc-cs/CS +##Certificate storage persistence +##This is temporary solution for SDC-1980 +cert: + certDir: /var/lib/jetty/cert + persistence: + enabled: true + size: 10Mi + accessMode: ReadOnlyMany + volumeReclaimPolicy: Retain + mountSubPath: /sdc/onbaording/cert + + ingress: enabled: false -- cgit 1.2.3-korg